3com MSR 20-20 참조 매뉴얼

C

HAPTER

 140: IPS

EC

 C

ONFIGURATION

 C

OMMANDS

■

SA parameters of IKE negotiated IPSec policies are subject to IKE, which is also 
responsible for establishing SAs.

■

When configuring an IPSec policy, you need to set the parameters of both the 
inbound and outbound SAs.

■

The SPI for the inbound SA at the local end must be the same as that for the 
outbound SA at the remote end, and the SPI for the outbound SA at the local 
end must be the same as that for the inbound SA at the remote end.

ipsec policy (system view).

# Configure the SPI of the inbound SA to 10,000 and that of the outbound SA to 
20,000.

<Sysname> system-view

[Sysname] ipsec policy policy1 100 manual

[Sysname-ipsec-policy-manual-policy1-100] sa spi inbound ah 10000

[Sysname-ipsec-policy-manual-policy1-100] sa spi outbound ah 20000 

sa string-key { inbound | outbound } { ah | esp } string-key

undo sa string-key { inbound | outbound } { ah | esp }

IPSec policy view

inbound: Specifies the inbound SA through which. IPSec processes the received 
packets.

outbound: Specifies the outbound SA through which IPSec processes the packets 
to be sent.

ah: Uses AH.

esp: Uses ESP.

string-key: Key string for the SA, consisting of 1 to 255 characters. For different 
algorithms, you can input strings at any length in the specified range. Using this 
key string, the system automatically generates keys meeting the algorithm 
requirements. When the protocol is ESP, the system generates the keys for the 
authentication algorithm and encryption algorithm respectively.

Use the sa string-key command to set an authentication key for an SA.

Use the undo sa string-key command to remove the configuration.

Note that:

■

This command applies to only manual IPSec policies.